APPLIED: [SRU][N][PATCH 0/1] CVE-2024-53156
Koichiro Den
koichiro.den at canonical.com
Fri Feb 14 07:03:02 UTC 2025
On Mon, Feb 10, 2025 at 11:31:09AM GMT, Bethany Jamison wrote:
> [Impact]
>
> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
>
> There is an array index out of bounds in drivers/net/wireless/ath/ath9k/htc_hst.c
> caused by insufficient verification of conn_rsp_epid. To fix this add a range check for
> conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.
>
> [Fix]
>
> Oracular: pending (6.11.0-17.17)
> Noble: Clean cherry-pick from linux-6.11.y
> Jammy: pending
> Focal: pending
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix as it is not critical
>
> [Test Case]
>
> Compile tested.
>
> [Where problems could occur]
>
> This fix affects those who use Atheros 802.11n USB chipsets,
> an issue with this fix would be visible to the user via unexpected
> system behavior.
>
> Jeongjun Park (1):
> wifi: ath9k: add range check for conn_rsp_epid in
> htc_connect_service()
>
> drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Applied to noble:linux master-next branch. Thanks!
More information about the kernel-team
mailing list